The Active Setup ActiveX control can be configured to notify the user when a component signed by a trusted vendor is installed. Even when this feature is enabled, when the component in question is signed by Microsoft no notification is provided.

While Microsoft could use this feature to silently install software on a user's machine, the operating system itself has countless more subtle ways to do so. The more realistic risk is that an attacker could cause a Microsoft-signed component with a known weakness to be installed silently on remote computers, and then attempt to exploit that weakness.

This 'feature' could be exploited remotely via a web page or HTML email.

-
Exploit

Demo by J.C.G. Cuartango available at: http://www.kriptopolis.com/demo

Juan Carlos Garcia Cuartango has made a demo available at: http://www.angelfire.com/ab/juan123/iengine.html

-
Solution

Microsoft has made patches available that eliminate this vulnerability, available at the following location: